IT Blogwatch Security

Adobe FAIL: Yet another Flash 0-day vuln 'sploited in wild

smh. Three vulnerabilities in as many weeks? Pictured: Adobe CSO Brad Arkin

patch flash again
Credit: Brad Arkin

Oh boy, here it comes again. Adobe Flash has yet another zero-day vulnerability that's being exploited in the wild.

Could three patches in as many weeks be the final nail in the coffin at many IT shops?

In IT Blogwatch, bloggers chorus the suggestion to uninstall it.

curated these bloggy bits for your entertainment.


Lucian "the great" Constantin waves his thumb downwards:

Hackers are exploiting another unpatched vulnerability in Flash Player -- the third one in the past month. [It's] being actively exploited in drive-by-download attacks that target systems running Flash Player under Internet Explorer or Mozilla Firefox.

The vulnerability, which is tracked as CVE-2015-0313...affects Flash Player on all supported platforms. [The] malicious advertisements...were observed earlier this month on popular video sharing site dailymotion.com.

Users should take precautions until Adobe releases patches. Malicious advertisements are difficult to block because they are launched through legitimate advertising networks...on popular, trusted websites. Users should enable the click-to-play feature in browsers to prevent...Flash from running automatically.  MORE


And Iain Thomson says, "enough is enough":

It's time to flush Flash. ... The Photoshop goliath is warning that yet another programming blunder in its code is being exploited. ... It won't have a patch ready...until later this week. Buckle up.

Flash has been around in one form or another for nearly 20 years...it's time to take the software round the back of the shed and shoot it. ... Flash is too old and doddery to be worth the hassle. YouTube finally dumped [it for] HTML5 video. Twitch doesn't need it any more, neither does Netflix. ... Flash is just not fit for purpose. ... It will fill your hard drive with raw sewage. ... It's the Lego brick in your foot [in] a dark kitchen at 3am.

Uninstall it and see how you get on.  MORE


Trend Micro's Peter Pi is constantly irrational: [You're fired -Ed.]

Our initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains. ... Infection happens automatically, since advertisements are designed to load once a user visits a site.

We have been monitoring...SWF_EXPLOIT.MJST...since January 14. ... So far we’ve seen around 3,294 hits. ... This is only the latest of the zero-day vulnerabilities found in Adobe Flash this month.  MORE


So Sara Peters is troubled by scope and severity:

The latest spate of Flash vulnerabilities is troubling because Flash is so hard to avoid. [Ad] exploits are delivered via drive-by-download, not requiring user interaction. Ads are found on millions of websites, and are served by third-party ad platforms, not the site administrators.

Attacks are everywhere, targeting everything from consumers to US defense contractors, committing everything from click fraud to information gathering.  MORE


But this Anonymous Coward wishes we'd all just calm down:

Oh come on everyone.

It's only a little download. Lets keep calm and carry on. I mean, it's not as if you have to cut off a body part everytime you have to patch is it?  MORE


You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.